GM

Privacy Policy

Last updated: March 9, 2026

1. Introduction

GrayMarket (“we,” “us,” “our”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. By using GrayMarket you agree to this Policy.

2. Information We Collect

2.1 Information You Provide

  • Account registration data: username, email address, password (stored as a bcrypt hash — never in plain text)
  • Payment information: cryptocurrency wallet addresses you provide for withdrawals
  • Identity verification documents (if requested for KYC compliance)
  • Support communications: messages sent to our support team
  • Chat messages posted in our live chat feature

2.2 Information Collected Automatically

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited and time spent on each page
  • Betting history, game outcomes, and transaction records
  • Session tokens stored as httpOnly cookies

3. How We Use Your Information

  • To create and maintain your account
  • To process deposits, withdrawals, and bets
  • To verify your identity and comply with AML/KYC obligations
  • To detect and prevent fraud, cheating, and terms-of-service violations
  • To enforce our Responsible Gambling policies
  • To send transactional emails (deposit confirmations, withdrawal updates, security alerts)
  • To provide customer support
  • To improve the Platform through analytics
  • To comply with legal obligations

4. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract performance — processing necessary to provide services you requested
  • Legal obligation — AML, KYC, and other regulatory requirements
  • Legitimate interests — fraud prevention, security, platform improvement
  • Consent — marketing communications (you may opt out at any time)

5. Data Sharing and Third Parties

We do not sell your personal data. We may share data with:

  • Payment processors — NOWPayments for crypto payment processing
  • Email service providers — Resend for transactional emails
  • Infrastructure providers — Supabase (database), Vercel (hosting), Upstash (caching)
  • Law enforcement — when required by law, court order, or regulatory authority
  • KYC/AML providers — for identity verification when required

All third-party processors are contractually obligated to protect your data and may only use it for the purpose of providing services to us.

6. Cookies and Tracking

We use the following types of cookies:

  • Session cookies — httpOnly JWT cookies for authentication (required for site function)
  • Analytics — anonymized usage data to improve the Platform

We do not use tracking cookies for advertising purposes. You can disable non-essential cookies in your browser settings.

7. Data Retention

We retain your personal data for as long as your account is active. After account closure, we retain data for a minimum of 5 years to comply with AML regulations and for legal defense purposes. Betting history and transaction records are retained for 7 years for regulatory compliance. You may request deletion of non-legally-required data at any time (see Section 9).

8. Data Security

We implement industry-standard security measures including:

  • Passwords stored as bcrypt hashes with cost factor 12
  • Session tokens signed with cryptographic keys and stored as httpOnly, Secure, SameSite cookies
  • Database connections encrypted in transit using TLS
  • Two-factor authentication available for all accounts
  • Rate limiting and brute-force protection on all authentication endpoints

No method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to industry best practices.

9. Your Rights

You have the following rights regarding your personal data:

  • Access — request a copy of all data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of data not required for legal compliance
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request we restrict processing of your data

To exercise any of these rights, contact us at privacy@graymarket.bet. We will respond within 30 days.

10. Children's Privacy

GrayMarket is not intended for and does not knowingly collect data from persons under the age of 18. If we discover we have collected data from a minor, we will delete it immediately and close the account. If you believe a minor has registered, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and stored on servers located outside your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

12. Referral Program

If you participate in our referral program, we track the referring user's unique referral code in your account. This is used to calculate and credit commissions to your referrer. Referral data is retained for the lifetime of both accounts.

13. Changes to This Policy

We may update this Policy at any time. Material changes will be communicated via email or a notice on the Platform. Continued use after changes constitutes acceptance of the updated Policy.

14. Contact Us

For privacy inquiries: privacy@graymarket.bet
For general support: support@graymarket.bet

See also: Terms of Service